var-200711-0064
Vulnerability from variot

Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395. Apple Safari is vulnerable to a stack-based buffer overflow. This may allow a remote attacker to execute arbitrary code on a vulnerable system. In the Mac OS X file system, a file consists of information called a resource fork and a data fork. RFC 1740 defines MIME formats (AppleSingle format and AppleDouble format) for handling this file structure in email. Apple Mail parses resource forks when processing AppleDouble format attachments. This issue affects the Mail application when handling email attachments. This will compromise the application and possibly the underlying operating system. This issue affects Mac OS X 10.5. Although the issues seem similar in nature, this may not be the very same underlying vulnerability. We will update this BID as more information emerges. UPDATE (November 21, 2007): Reports indicate that this issue occurs because of an error in the application's quarantine feature. We have not confirmed this information. UPDATE (December 17, 2007): This vulnerability stems from an unspecified implementation issue in the Launch Services application. http://www.securityfocus.com/bid/16907. Apple Mail is the mail client bundled with the Apple operating system. If the user is logged on with administrative privileges, the attacker could take complete control of an affected system.

Solution

Since there is no known patch for this issue at this time, US-CERT is recommending a workaround.

Workaround

Disable "Open 'safe' files after downloading"

Disable the option to "Open 'safe' files after downloading," as specified in the document "Securing Your Web Browser."

Appendix A. Impacts of other vulnerabilities include bypassing security restrictions and denial of service.

I. As further information becomes available, we will publish individual Vulnerability Notes. In addition, more information about VU#999708 is available in US-CERT Technical Cyber Security Alert TA06-053A.

II. Impact

The impacts of these vulnerabilities vary.

III. Solution

Install an update

Install the update as described in Apple Security Update 2006-001. In addition, this update is available via Apple Update.

Appendix A. Please send email to cert@cert.org with "TA06-062A Feedback VU#351217" in the subject.




Produced 2006 by US-CERT, a government organization.


Revision History

March 3, 2006: Initial release




{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200711-0064",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.5 mounted on  apple mail"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#351217"
      },
      {
        "db": "CERT/CC",
        "id": "VU#433819"
      },
      {
        "db": "CERT/CC",
        "id": "VU#176732"
      },
      {
        "db": "BID",
        "id": "26510"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001015"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-390"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6165"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001015"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "heise Security",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-390"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-6165",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2007-6165",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-29527",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-6165",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#351217",
            "trust": 0.8,
            "value": "17.21"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#433819",
            "trust": 0.8,
            "value": "9.28"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#176732",
            "trust": 0.8,
            "value": "17.21"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-6165",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200711-390",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-29527",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#351217"
      },
      {
        "db": "CERT/CC",
        "id": "VU#433819"
      },
      {
        "db": "CERT/CC",
        "id": "VU#176732"
      },
      {
        "db": "VULHUB",
        "id": "VHN-29527"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001015"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-390"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6165"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed.  NOTE: this is a regression error related to CVE-2006-0395. Apple Safari is vulnerable to a stack-based buffer overflow. This may allow a remote attacker to execute arbitrary code on a vulnerable system. Mac OS X In this file system, a file consists of information called resource fork and data fork. RFC 1740 So, to handle this file structure by email MIME format (AppleSingle format, AppleDoube format ) Is defined. Apple Mail Is AppleDouble Parses resource forks when processing format attachments. This issue affects the Mail application when handling email attachments. This will compromise the application and possibly the underlying operating system. \nThis issue affects Mac OS X 10.5. Although the issues seem similar in nature, this may not be the very same  underlying vulnerability. We will update this BID as more information emerges. \nUPDATE (November 21, 2007): Reports indicate that this issue occurs because of an error in the application\u0027s quarantine feature. We have not confirmed this information. \nUPDATE (December 17, 2007): This vulnerability stems from an unspecified implementation issue in the Launch Services application. \nhttp://www.securityfocus.com/bid/16907. Apple Mail is the mail client bundled with the Apple operating system. If the user is logged\n   on with administrative privileges, the attacker could take complete\n   control of an affected system. Solution\n\n   Since there is no known patch for this issue at this time, US-CERT is\n   recommending a workaround. 
\n\nWorkaround\n\nDisable \"Open \u0027safe\u0027 files after downloading\"\n\n   Disable the option to \"Open \u0027safe\u0027 files after downloading,\" as\n   specified in the document \"Securing Your Web Browser.\"\n\n\nAppendix A. Impacts of\n   other vulnerabilities include bypassing security restrictions and\n   denial of service. \n\n\nI. As further information becomes\n   available, we will publish individual Vulnerability Notes. In\n   addition, more information about VU#999708 is available in US-CERT\n   Technical Cyber Security Alert TA06-053A. \n\n\nII. Impact\n\n   The impacts of these vulnerabilities vary. \n\n\nIII. Solution\n\nInstall an update\n\n   Install the update as described in Apple Security Update 2006-001. In\n   addition, this update is available via Apple Update. \n\n\nAppendix A. Please send\n   email to \u003ccert@cert.org\u003e with \"TA06-062A Feedback VU#351217\" in the\n   subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2006 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\nRevision History\n\n   March 3, 2006: Initial release\n  \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRAiYnH0pj593lg50AQIdzggAxPbhEKlYyJUdTNqDBGSI+GAQ2oRY9WFx\ni+2yy5B34IvwyWt04Wb9PxgbCeWHbw9zc8X5xRPZEA/nVQWX/nnz20Tnap8ZRZUC\nbqlzo9pz2P+TOm3SBKUlZ+Rl0xTUTBJus78oiczzLu/Fy1oB8obC3qfwNDdrykXc\ni2MupUdRbZ5azrzDmzJGZktpVwJjM9UbXypbwsa1vg5+pAcRf4N0939kcjBML6LH\nB1jKz3PF0DLX/THj0sAq5PwiE82jCtop1hpD8zVWJOLGX1lbxhcHVLbiFiKaaF7u\nlKvIAf6ec9h+MQDwAnuA2uaYaQSwofCiWdOPAlueMzq23Ultlinz4g==\n=5Ooe\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-6165"
      },
      {
        "db": "CERT/CC",
        "id": "VU#351217"
      },
      {
        "db": "CERT/CC",
        "id": "VU#433819"
      },
      {
        "db": "CERT/CC",
        "id": "VU#176732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001015"
      },
      {
        "db": "BID",
        "id": "26510"
      },
      {
        "db": "VULHUB",
        "id": "VHN-29527"
      },
      {
        "db": "PACKETSTORM",
        "id": "44162"
      },
      {
        "db": "PACKETSTORM",
        "id": "44362"
      }
    ],
    "trust": 4.32
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-29527",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-29527"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "27785",
        "trust": 3.3
      },
      {
        "db": "CERT/CC",
        "id": "VU#433819",
        "trust": 3.3
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6165",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "26510",
        "trust": 2.8
      },
      {
        "db": "USCERT",
        "id": "TA07-352A",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "28136",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-4238",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-3958",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1019106",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "19064",
        "trust": 1.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#351217",
        "trust": 0.9
      },
      {
        "db": "USCERT",
        "id": "TA06-062A",
        "trust": 0.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#176732",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "18220",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA07-352A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001015",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "TA07-352A",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2007-12-17",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-390",
        "trust": 0.6
      },
      {
        "db": "USCERT",
        "id": "TA06-053A",
        "trust": 0.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#999708",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-84148",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "30781",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "16870",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-29527",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "44162",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "44362",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#351217"
      },
      {
        "db": "CERT/CC",
        "id": "VU#433819"
      },
      {
        "db": "CERT/CC",
        "id": "VU#176732"
      },
      {
        "db": "VULHUB",
        "id": "VHN-29527"
      },
      {
        "db": "BID",
        "id": "26510"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001015"
      },
      {
        "db": "PACKETSTORM",
        "id": "44162"
      },
      {
        "db": "PACKETSTORM",
        "id": "44362"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-390"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6165"
      }
    ]
  },
  "id": "VAR-200711-0064",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-29527"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-09-19T21:12:19.466000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security Update 2007-009",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=307179-en"
      },
      {
        "title": "Security Update 2007-009",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=307179-ja"
      },
      {
        "title": "TA07-352A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta07-352a.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001015"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-29527"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001015"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6165"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/26510"
      },
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta07-352a.html"
      },
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/433819"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/27785"
      },
      {
        "trust": 2.4,
        "url": "http://docs.info.apple.com/article.html?artnum=303382"
      },
      {
        "trust": 2.0,
        "url": "http://www.heise-security.co.uk/news/99257"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2007/dec/msg00002.html"
      },
      {
        "trust": 1.7,
        "url": "http://docs.info.apple.com/article.html?artnum=307179"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1019106"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/28136"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/19064/"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2007/3958"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/3958"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/4238"
      },
      {
        "trust": 0.8,
        "url": "http://security-protocols.com/advisory/sp-x22-advisory.txt"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/18220/"
      },
      {
        "trust": 0.8,
        "url": "http://webkit.opendarwin.org/"
      },
      {
        "trust": 0.8,
        "url": "http://www.heise-security.co.uk/news/99257 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/27785/"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-062a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.cert.org/homeusers/email-attachments.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.apple.com/macosx/features/mail.html"
      },
      {
        "trust": 0.8,
        "url": "http://tools.ietf.org/html/rfc1740"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6165"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2007/wr074701.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta07-352a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23433819/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta07-352a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-6165"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa07-352a.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/4238"
      },
      {
        "trust": 0.3,
        "url": "http://software.cisco.com/download/navigator.html?mdfid=283613663"
      },
      {
        "trust": 0.3,
        "url": "http://www.heise-security.co.uk/services/emailcheck/demos/go.shtml?mail=apple"
      },
      {
        "trust": 0.2,
        "url": "http://www.kb.cert.org/vuls/id/999708\u003e"
      },
      {
        "trust": 0.2,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-053a.html\u003e"
      },
      {
        "trust": 0.2,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.2,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/macosx/features/safari/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/reading_room/securing_browser/#sgeneral\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/176732\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-062a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/351217\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/reading_room/securing_browser/#safari\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=303382\u003e"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#351217"
      },
      {
        "db": "CERT/CC",
        "id": "VU#433819"
      },
      {
        "db": "CERT/CC",
        "id": "VU#176732"
      },
      {
        "db": "VULHUB",
        "id": "VHN-29527"
      },
      {
        "db": "BID",
        "id": "26510"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001015"
      },
      {
        "db": "PACKETSTORM",
        "id": "44162"
      },
      {
        "db": "PACKETSTORM",
        "id": "44362"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-390"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6165"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#351217"
      },
      {
        "db": "CERT/CC",
        "id": "VU#433819"
      },
      {
        "db": "CERT/CC",
        "id": "VU#176732"
      },
      {
        "db": "VULHUB",
        "id": "VHN-29527"
      },
      {
        "db": "BID",
        "id": "26510"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001015"
      },
      {
        "db": "PACKETSTORM",
        "id": "44162"
      },
      {
        "db": "PACKETSTORM",
        "id": "44362"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-390"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6165"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-03-03T00:00:00",
        "db": "CERT/CC",
        "id": "VU#351217"
      },
      {
        "date": "2007-11-27T00:00:00",
        "db": "CERT/CC",
        "id": "VU#433819"
      },
      {
        "date": "2006-03-03T00:00:00",
        "db": "CERT/CC",
        "id": "VU#176732"
      },
      {
        "date": "2007-11-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-29527"
      },
      {
        "date": "2007-11-20T00:00:00",
        "db": "BID",
        "id": "26510"
      },
      {
        "date": "2007-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001015"
      },
      {
        "date": "2006-02-26T03:08:24",
        "db": "PACKETSTORM",
        "id": "44162"
      },
      {
        "date": "2006-03-06T09:45:32",
        "db": "PACKETSTORM",
        "id": "44362"
      },
      {
        "date": "2007-11-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200711-390"
      },
      {
        "date": "2007-11-29T01:46:00",
        "db": "NVD",
        "id": "CVE-2007-6165"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-03-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#351217"
      },
      {
        "date": "2007-11-27T00:00:00",
        "db": "CERT/CC",
        "id": "VU#433819"
      },
      {
        "date": "2006-03-03T00:00:00",
        "db": "CERT/CC",
        "id": "VU#176732"
      },
      {
        "date": "2011-10-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-29527"
      },
      {
        "date": "2007-12-18T20:06:00",
        "db": "BID",
        "id": "26510"
      },
      {
        "date": "2007-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001015"
      },
      {
        "date": "2007-11-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200711-390"
      },
      {
        "date": "2011-10-06T04:00:00",
        "db": "NVD",
        "id": "CVE-2007-6165"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "44162"
      },
      {
        "db": "PACKETSTORM",
        "id": "44362"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-390"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Safari WebKit component vulnerable to buffer overflow",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#351217"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-390"
      }
    ],
    "trust": 0.6
  }
}

